Visa and MasterCard have announced support for Host Card Emulation, a cloud-based mechanism for hosting NFC applications outside the Secure Element that effectively removes the need for bank reliance on telcos in implementing mobile payments.

HCE allows any NFC application on an Android device to emulate a smart card, letting users pay with their smartphones, while permitting financial institutions to host payment accounts in a secure, virtual cloud.

Both Visa and MasterCard have announced a new set of tools and support applications designed to make it easier for banks to adopt HCE as an alternative to renting space on the SIM from airtime operators.

The initial Visa payWave standard for cloud-based deployment is available now, alongside a software development kit to support clients who wish to develop their own cloud-based payment applications. Future versions of the Visa payWave standard will add support for QR codes and in-app payments, alongside a new service and platform for the issuing of digital tokens rather than the 16-digit payment account number.

MasterCard says it will publish its secure remote payment specifications during the first half of 2014. The scheme has been working with Capital One and Banco Sabadell on developing its approach via small scale pilots.

"For Capital One, the pilot was about exploring new ways to commercially deploy an NFC-based offering and securely store credentials. We've enjoyed a longstanding partnership with MasterCard, and we continue to work together to deliver innovative solutions for our bank customers," says Jack Forestell, EVP, digital, Capital One.

Visa is claiming support from bank clients in Australia and North America, including ANZ, NAB, Royal Bank of Canada and US Bank.

Michael Starkey, general manager, channel development, digital and direct banking, National Australia Bank, says: "This is an exciting opportunity for NAB, and its partners, because it overcomes the limitations of existing solutions that are currently in pilot, which house account information on the phone and limit NFC solutions to a small selection of Android devices as a result."

Spain's Bankinter last week announced that it would go live with an HCE-based mobile payment service in Q2/Q3 following a year-long pilot trial using BlackBerry devices.

Says Jacobo Díaz, director of innovation, products, markets and quality of Bankinter: "BlackBerry has been the company leading Host Card Emulation technology, and we are glad to recognise their major contribution to HCE-based mobile payments. Google's later announcement (Nov/13) about HCE support on their new Android 4.4 KitKat operating system has allowed us to build a wide enough commercial proposal for our customers. We are convinced that iOS and Windows Phone will incorporate HCE very soon."

The breakthrough poses a challenge to mobile airtime operators, who will be forced to redefine their relationships with banks and merchants and build in more added value services to attract support.

Comments: (12)

Interesting... I wonder though what that will mean in terms of trust from issuing banks, after all it is their customers' card details that are being broadcast in this fashion.

Though this may appear to be a major breakthrough, potentially for card based payments, it is just that, card based payments from a mobile device. The real challenges that face mobile payments are not addressed here, nor can they be. Cost, added value, incentives for businesses and consumers, all are missing....

A Finextra member | 19 February, 2014, 16:48
Woah! Hold the phone! (Snigger) - current mobile systems, including Paypal, rely on the bank's KYC procedures that they are obliged to undertake when opening a bank account. This is linked to a mobile number for the required triangulation with a mechanism such as penny drop. Throwing this out of the window without replacing it with a mechanism of equal or greater security is a brave move. Until I am reassured by a look at this proposal in greater detail, I would not personally trust my hard earned funds to such a system. How about you?

On the contrary Andrew, the card details are not being "broadcast", they're being provisioned to a server under the issuer's control.

In terms of cost, as a solution based on the existing EMV (contactless) infrastructure, it means zero cost to merchants, no change to the acquiring infrastructure, no new POS, no dongles, no staff training beyond "it's a contactless card on a mobile" and no bespoke solutions from the myriad of startups who all want to own this space. For the issuer it also means no fees to the MNO, everything remains under issuer control.

Of course coupons and discounts can be added to the wallet as a next step but to facilitate mobile payments, this has got a lot going for it.

Until now the biggest shout from detractors has been "The schemes will never support it!!"

Ok technically true, however the data that identifies a transaction is broadcast.

I would beg to differ that no change for the merchant, quite the opposite. Penetration with contactless cards is still low, and the technology that is used in a contactless card transaction is not the same as that used in a mobile contactless transaction. So that means those who have invested in contactless need to reinvest and for what? There is no added value and no cost savings to the merchant. In addition, nothing of real use for me as a consumer, only the experience of using my phone.

Businesses need to invest in contactless and POS upgrades to make this work, and to date the card schemes are struggling with contactless. So I'm not convinced of mobile being the solution either for the card schemes.

Andrew, sorry to disagree again but any terminal that can accept a contactless card transaction can accept an NFC transaction, whether cloud or device SE.

NO further changes are required once the merchant is set up for contactless.

Data for a single transaction is sent from the server to the mobile device over a secure channel. If this were compromised, one transaction would be compromised. Similar technology is used for mobile banking where the whole account would be at risk if the technology were as insecure as you imply.

But those transactions then are limited to £20. If as you say used in a secured wallet, the handshake is different so that a PIN is used on a mobile device. NFC standards are not always the same. This is before we even get into NFC on mobile devices.

The point remains that there is no value to these transactions for a merchant. As I say, for real mobile innovation we must look beyond card schemes, so that merchants save money on each transaction and that there is a real incentive for them and their customers to use mobile.

I agree Andrew, there's definitely a phase two where there needs to be added value for all participants. However for now, a mobile payment scheme that involves no disruption and no cost to the merchant and can be implemented by the banks with no third party involvement seems a pretty good starting point compared to some of the complex alternatives.

Perhaps. But contactless does come at a cost for the merchant, it's not a free thing (even if originally installed for free, at some point the merchant pays for that extra technology).

With that in mind, why should the industry expect merchants to embrace mobile payments or any form of contactless? This is why after many years of pushing from card schemes and issuers, we still don't use contactless. Mobile NFC (no matter how it's implemented) will not change that.

I think you point out our different stances quite well from that article. The comments represent my own thoughts.

Contactless is around 0.6% of card based transactions. After all this time, still only at 0.6%. I personally think that illustrates my point very well, that merchants aren't adopting contactless and that's because of cost and no added value.

This is why we see so many alternative payment options being looked into by businesses. You need look no further than Starbucks.

Andrew, I think we're going a bit off message from the original HCE discussion and we may need to agree to differ on whether merchants are supporting contactless. However, here's what Visa has to say:

"There are more than one million places where you can use your Visa contactless card in Europe, 280,000 of which are in the UK. That includes retailers like M&S, McDonald’s, Starbucks, WHSmiths, Post Office, EAT, Pret A Manger and The Co-operative Food as well as many pubs and bars, and all of London’s buses"

I'd say that's quite a few more than the number of places you can use a mobile payment solution from any of the niche players.

A very interesting debate above. For me it boils down to this: merchants now have a choice to do something with mobile payments @ contactless POS through Visa/MasterCard that they did not have before. Arguably, the pace has not been quick due to the "Secure Element stand-off" which now has "gone away". The schemes are a little behind some of the quicker, more nimble players who are targeting real value-add, but they are coming now and they already have the rails. The enablers are there for new innovations, and there are some new players already pitching in to this space. It's going to be an interesting year.